IRDAI Regulations for KYC in the Insurance sector, 2022

The need for New IRDAI Regulations for KYC & AML

Banking and capital market players already have stringent KYC & AML processes in place. And now, they are also joined by the insurance sector. Under the new IRDAI guidelines for general insurers; performing KYC (Know Your Customer) and AML checks on individuals is now mandatory before onboarding.

These checks help FIs decide if they can trust an individual with their financial services. They also help FIs categorise their customers as per the risk (low, medium, and high) involved.

For those not aware, the insurance sector in India is regulated by the IRDAI – Insurance Regulatory and Development Authority of India. 

On 1st August 2022, IRDAI released a new set of regulations to safeguard the insurance sector against money laundering. While similar standards have always applied for life insurance; it is the 1st time that general insurers have been subjected to stringent onboarding rules. Let’s dive into what the new regulation says. 

6 Key takeaways from the new IRDAI regulations for KYC (and AML) in Insurance 

1. IRDAI requires the Insurers to conduct customer KYC in this manner:

– KYC for individual customer(s):

• Make best efforts to determine the true identity of a customer 
• Put special procedures in place to identify new/existing customers
• Ensure that no insurance contracts are given to anonymous or fictitious names 
• Verify identify, address, and the recent photograph of a customer
• Ask for ‘self-declaration’ when a customer wants to submit an address different than what’s on their Aadhaar card. Otherwise, Aadhar can serve as both, identity and address proof
• Request OVD (Officially valid documents) from customers who cannot go through Aadhaar authentication due to age, injury, illness, or otherwise

 

-KYC for a juridical person:

(Juridical person is an entity, constituted either by a collection or succession of natural or physical individuals, that can take part in legal actions)

• Take steps to identify the entity and its beneficial owner(s)
• Take reasonable steps to identify beneficial ownership

(What is beneficial ownership? – A natural person who ultimately owns or controls an entity on whose behalf the transaction is being conducted, and includes a person who exercises ultimate effective control over a juridical person)

• Verify that any person purporting to act on behalf of a juridical person is authorized and verify the identity of that person
• Identify and verify a juridical person’s legal status through various documents to support details like 

1. The name, legal form, and proof of existence, 
2. Powers that regulate and bind the juridical persons, 
3. Address of the registered office/ main place of business, 
4. Authorized individual person(s), who is/ are purporting to act on behalf of such client
5. Ascertaining Beneficial Owner(s)

Note: No insurance company shall allow the opening of or keep any accounts that are anonymous, under fictitious names, or on behalf of individuals whose identity has not been disclosed or cannot be verified. 

2. The KYC processes accepted by IRDAI are:

• Aadhaar-based KYC through online authentication
• Aadhaar-based KYC through offline authentication
• Digital KYC as per PML Rules
• Video-Based Identification Process (VBIP)
• Insurers may undertake live VBIP by developing an application (using VKYC service providers like IDfy) that facilitates the KYC process either online or face-to-face in-person verification through video
• By using the ‘KYC identifier’ allotted to the client by the CKYCR
• Or by using the customer’s OVD (Officially Valid documents)

Note: Insurers may perform KYC on their potential customers using any one of the above ways

 

3. In case, during KYC, a customer is found to be a ‘Politically Exposed Person’ (PEP) category, Insurers must follow these:

• Consult the senior management to get onboarding approval for such proposals 
• Lay down risk management procedures and practice additional due diligence on PEP as well as their close relatives on an on-going basis. This is also applicable in the case of insurance in which a PEP is the ultimate beneficial owner
• Notify the senior management about changes in the status of a PEP or about a customer newly transitioning to PEP. In such case, additional due diligence must be practiced

 

4. In addition to the above, some other mandatory activities for an IRDAI-compliant AML are:

• Collection of PAN/Form 60 from customers 
• Under all kinds of Group Insurance (Life /General/Health), KYC must be conducted on the ‘Master Policyholders’ / ‘Juridical Person’ / ‘Legal Entity’, and the respective ‘Beneficial Owners (BO)’. In addition, the Master Policyholders of the group insurance should maintain the details of all the individual members covered in the insurance. Which they should make available to the insurer as and when required
• Customer information should be collected from all relevant sources, including from agents/intermediaries
• Care has to be exercised to avoid involvement in insuring assets bought out of illegal funds
• It is imperative to ensure that the insurance premium should not be disproportionate to the customer’s income/asset
• At any point of time, where insurers are no longer satisfied about the true identity or the transaction(s) made by a customer, a Suspicious Transaction Report (STR) should be filed with Financial Intelligence Unit-India (FIU-IND) 

 

5. Insurers must also practice client due diligence as per Rule 9 of PML rules. 

• Under this, Insurers must practice necessary Client Due Diligence using KYC on both, new and existing customers. They must also practice ongoing due diligence on customers based on the risk levels and the aggregate amount of insurance in a financial year. 

 

6. To implement Section 51A of the Unlawful Activities (Prevention) Act, 1967 (UAPA), Insurers must:

• Not enter into a contract with a customer whose identity matches with any person in the UN sanction list or with banned entities and those reported to have links with terrorists or terrorist organizations
• Periodically check MHA website for an updated list of banned entities
• Maintain an updated list of designated individuals/entities in electronic form and run a check on the given parameters on a regular basis to verify whether designated individuals/entities are holding any insurance policies with the insurers

 

What has changed for Life and General Insurance companies 

Here’s a comparison between the KYC process at life and general insurance companies before and after the new IRDAI regulations for KYC. 

 

For General Insurers

 

As per old regulation	As per new circular	Which circular?
KYC (with PoI & PoA) was required only in cases where claim payout/premium refund was greater than Rs. 1 Lakh	KYC is mandatory for all customers Simplified due diligence applicable to low-risk customers with an annual premium less than Rs. 10,000  For everyone else, enhanced due diligence is needed. This means identity document verification is mandatory	2013 AML/CFT Guidelines for General Insurers
KYC (with PoI & PoA) to be carried out only at the claims/payout stage	KYC required for all customers at the time of onboarding KYC needs to be done for all existing customers	2013 AML/CFT Guidelines for General Insurers
No clear guidelines for when AML needs to be conducted Few lists mentioned	Clearly states no insurer shall enter into contracts with people whose names appear on certain sanctions lists (UN sanctions, MHA, terrorist links) Number of Lists expanded	2013 AML/CFT Guidelines for General Insurers
No mention of PEP checks	Mandatory ongoing PEP checks required for all customers	2013 AML/CFT Guidelines for General Insurers
No mention of obtaining ‘dubious information from public sources’ about a person	Need to obtain this information for risk classification	2013 AML/CFT Guidelines for General Insurers
Onboarding mentioned only using KYC documents	Onboarding via CKYC and Video KYC are now allowed	2013 AML/CFT Guidelines for General Insurers
KYC of the beneficial owner of the company who is the recipient of the group insurance is not needed	KYC of company & Beneficial Owners who are the recipient(s) of the group insurance is mandatory  ‘Details’ of individual policy holders need to be maintained by the company	2013 AML/CFT Guidelines for General Insurers
No connection of Insurance Premium to income/ asset	It is imperative to ensure that the insurance premium should not be disproportionate to income/ asset.	2013 AML/CFT Guidelines for General Insurers

 

For Life Insurance

 

As per old regulation	As per new circular	Which circular?
Only one common proof of address (PoA) & proof of identity (PoI) needed (e.g. if an Aadhaar card is supplied, PAN is not needed) for most cases PAN needed only if the annual premium is > Rs. 1 lakh. Or in case of premium/proposal deposits remittances in cash beyond  Rs. 50,000/- If annual premium < Rs. 10,000, then only PoI is needed (PoA not needed)	PAN is mandatory for onboarding all new customers  For existing customers for whom PAN is not available, PAN has to be updated by a deadline. This is necessary for continued operation	2015 Master Directions, 2019 Clarification
No mention of PAN in VCIP (Video-Based Customer Identification Process) for customer onboarding	Photo of PAN & subsequent database verification needed	2020 VBIP Guidelines
Simplified due diligence applicable to all low-risk customers (defined as salaried, lower-income customers, etc.) irrespective of premium amounts	Simplified due diligence applicable to low-risk customers with annual premium < Rs. 10,000 (translates to life insurance amount of Rs. 60-70 Lakhs) For everyone else, enhanced due diligence is needed. This means that identity document verification is mandatory along with identifying the source of funds	2015 Master Directions
KYC of the company who is the recipient of the group insurance wasn’t needed	KYC of company & Beneficial Owners who is the recipient of the group insurance is needed  ‘Details’ of individual policyholders needed to be maintained by the company	2015 Master Directions
KYC should be carried out at claim payout	Since KYC will be conducted at the time of onboarding, it won’t be needed during the payout stage	2015 Master Directions
No connection of Insurance Premium to income/ asset	It is imperative to ensure that the insurance premium should not be disproportionate to income/ asset	2015 Master Directions
	A lot more focus on risk assessment & potential scrutiny on practices